Lucene search
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.DEBIAN_DSA-158.NASLHistorySep 29, 2004 - 12:00 a.m.
Debian DSA-158-1 : gaim - arbitrary program execution
2004-09-2900:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
13
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.022 Low
EPSS
Percentile
89.4%
The developers of Gaim, an instant messenger client that combines several different networks, found a vulnerability in the hyperlink handling code. The ‘Manual’ browser command passes an untrusted string to the shell without escaping or reliable quoting, permitting an attacker to execute arbitrary commands on the users machine.
Unfortunately, Gaim doesn’t display the hyperlink before the user clicks on it. Users who use other inbuilt browser commands aren’t vulnerable.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-158. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(14995);
script_version("1.21");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2002-0989");
script_bugtraq_id(5574);
script_xref(name:"DSA", value:"158");
script_name(english:"Debian DSA-158-1 : gaim - arbitrary program execution");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"The developers of Gaim, an instant messenger client that combines
several different networks, found a vulnerability in the hyperlink
handling code. The 'Manual' browser command passes an untrusted string
to the shell without escaping or reliable quoting, permitting an
attacker to execute arbitrary commands on the users machine.
Unfortunately, Gaim doesn't display the hyperlink before the user
clicks on it. Users who use other inbuilt browser commands aren't
vulnerable."
);
script_set_attribute(
attribute:"see_also",
value:"http://www.debian.org/security/2002/dsa-158"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the gaim package immediately.
This problem has been fixed in version 0.58-2.2 for the current stable
distribution (woody) and in version 0.59.1-2 for the unstable
distribution (sid). The old stable distribution (potato) is not
affected since it doesn't ship the Gaim program.
The fixed version of Gaim no longer passes the user's manual browser
command to the shell. Commands which contain the %s in quotes will
need to be amended, so they don't contain any quotes. The 'Manual'
browser command can be edited in the 'General' pane of the
'Preferences' dialog, which can be accessed by clicking 'Options' from
the login window, or 'Tools' and then 'Preferences' from the menu bar
in the buddy list window."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gaim");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
script_set_attribute(attribute:"patch_publication_date", value:"2002/08/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
script_set_attribute(attribute:"vuln_publication_date", value:"2002/08/27");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"3.0", prefix:"gaim", reference:"0.58-2.2")) flag++;
if (deb_check(release:"3.0", prefix:"gaim-common", reference:"0.58-2.2")) flag++;
if (deb_check(release:"3.0", prefix:"gaim-gnome", reference:"0.58-2.2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | gaim | p-cpe:/a:debian:debian_linux:gaim |
| debian | debian_linux | 3.0 | cpe:/o:debian:debian_linux:3.0 |
Related
cve
cve
CVE-2002-0989
2003-04-02 05:00:00
cvelist
cvelist
CVE-2002-0989
2003-04-02 05:00:00
nvd
nvd
CVE-2002-0989
2002-09-24 04:00:00
osv
osv
gaim - arbitrary program execution
2002-08-27 00:00:00
nessus
nessus
RHEL 2.1 : gaim (RHSA-2002:191)
2004-07-06 00:00:00
Mandrake Linux Security Advisory : gaim (MDKSA-2002:054-1)
2004-07-31 00:00:00
openvas
openvas
Debian Security Advisory DSA 158-1 (gaim)
2008-01-17 00:00:00
Debian Security Advisory DSA 158-1 (gaim)
2008-01-17 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.022 Low
EPSS
Percentile
89.4%
Related for DEBIAN_DSA-158.NASL